Security mechanisms for packet-oriented network communication are defined in the ITU standard H.235 (published in ITU-T recommendation H.235, Version 3, “Security and Encryption for H-Series (H.323 and other H.245-based) Multimedia Terminals”). In this standard, the integrity and authenticity of the registration and signaling messages are ensured, among other means, by cryptographic checksums that incorporate a common secret. If an error occurs when a cryptographic checksum is checked, the message, which may also contain address information, is discarded.
In what is known as the “Baseline profile” according to H.235 Annex D, a communication unit and a connection handling computer, which is also called a gatekeeper, authenticate by means of a password which has been registered in advance. In what is known as the “hybrid profile” according to H.235 Annex F, the communication unit and the connection handling computer use digital signatures and certificates when logging on or registering. To protect the integrity of further messages following a successful log-on, a common secret is dynamically negotiated during the log-on procedure using what is referred to as the Diffie-Hellman method.
To check the authenticity of a received message and to verify authorization, the connection handling computer has to consult a database in which the user profiles are stored, together with the pre-administered passwords for H.235 Annex D or the certificates in the case of H.235 Annex F. This database is conventionally situated in the same IP network as the connection handling computer. Communication units in other IP networks can also log on if their messages are forwarded to the connection handling computer via a network connection computer.
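The following added example (not taken from H.235 or from the original text) sketches the password-based check described above: the gatekeeper looks up the pre-administered password, recomputes the checksum over the message including its address field, and discards the message on any mismatch. The message layout, the names `USER_DB`, `build_message` and `gatekeeper_accept`, and the sample values are constructed for illustration; the use of HMAC-SHA1 truncated to 96 bits with a key derived as the SHA-1 hash of the password is an assumption of this sketch.

```python
import hashlib
import hmac

# Constructed user database: endpoint ID -> pre-administered password.
USER_DB = {"ep-1001": b"correct horse battery"}

def derive_key(password: bytes) -> bytes:
    # Assumption of this sketch: the key is the SHA-1 hash of the password.
    return hashlib.sha1(password).digest()

def checksum(key: bytes, body: bytes) -> bytes:
    # Assumption of this sketch: HMAC-SHA1 truncated to 96 bits (12 bytes).
    return hmac.new(key, body, hashlib.sha1).digest()[:12]

def build_message(endpoint_id: str, address: str, password: bytes) -> bytes:
    # Simplified stand-in for a registration request; real messages are ASN.1.
    body = f"RRQ|{endpoint_id}|{address}".encode()
    return body + b"|" + checksum(derive_key(password), body).hex().encode()

def gatekeeper_accept(message: bytes):
    """Return the parsed fields if the checksum verifies, else None (discard)."""
    try:
        body, tag_hex = message.rsplit(b"|", 1)
        kind, endpoint_id, address = body.decode().split("|")
        tag = bytes.fromhex(tag_hex.decode())
    except ValueError:
        return None  # malformed message: discard
    password = USER_DB.get(endpoint_id)
    if password is None:
        return None  # no user profile: cannot authenticate, discard
    expected = checksum(derive_key(password), body)
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(expected, tag):
        return None  # checksum error: discard, address information included
    return {"type": kind, "endpoint": endpoint_id, "address": address}

if __name__ == "__main__":
    msg = build_message("ep-1001", "10.0.0.5:1719", USER_DB["ep-1001"])
    print("original :", gatekeeper_accept(msg))
    # Any change to the covered address field invalidates the checksum.
    altered = msg.replace(b"10.0.0.5", b"192.0.2.7")
    print("altered  :", gatekeeper_accept(altered))
```

Because the checksum covers the address field, a message whose address is changed after the sender computed the checksum no longer verifies and is dropped by the gatekeeper.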